The main payload is contained within the referenced FTP download; which is an attempt to get servers to join a botnet. The botnet has successfully compromised a number of PHP web servers so far from various countries.

We recommend that the version of PHP on your web servers should be checked to verify whether your systems are not vulnerable to the exploit. Customers should open a case with RedShield if assistance is required to determine whether systems are vulnerable, or already exploited.